Camera “Break Ins”

support

#1

Hi! Just wondering how easy it is to break into the Wyze cameras. For example, we all have heard of creepy people talking to babies over other web cams or being able to see what the webcam is recording.

Is there a way to keep our cameras and speakers on our cameras safe from those on the outside of our homes?

Thanks so much! ?


#2

It’s basically impossible for someone to hack into your Wyze camera. Assuming you have a strong password on your account.

From the FAQ:
How do you make sure my personal data and video stream are secure?
We take our customers’ data safety very seriously. The communication between your mobile device, the Wyzecam, and the AWS Cloud Server are made via https (Transport Layer Security (TLS)). We used symmetric and asymmetric encryption, hashing and other ways to make sure users’ information cannot be stolen. Each camera has its own secret key and certificate so that we can validate its identity during handshake. The contents are encrypted via AES 128-bit encryption to protect the data. Even if a hacker intercepts the data package, the data cannot be decrypted.

From another post:
we do take user security very seriously and all of the uploaded video clips have multi-layer encryption. We at WyzeCam do not have access to that footage, and neither does Amazon. Even if those videos happened to be intercepted, which is unlikely, the amount of work required to dismantle multi-layer encryption is usually unappealing to most hackers.
https://www.wyzecam.com/forums/topic/wyzecam-microsd-only/#post-70713


#3

The password for the cameras is the same as used on this forum (if it’s possible to make them different, let me know). If an attacker were able to exploit a vulnerability exposing user account information and unencrypted passwords, no amount of password strength will protect you. You can’t tell if another user is connected to the live feed, unless they use two-way audio, or your networking equipment supports monitoring. My wife and I have both connected to the live feed of one of our cameras at the same time and used it to talk to the kids. Neither one of us would have known the other was connected but for the two-way audio.

My point is, an attacker who doesn’t use the two-way audio feature would be very difficult for most people to detect. That being said, a couple features that could help: 1) being to able to see details of users connected to the live feed, or an event log, although logs can be manipulated. 2.) support two-factor authentication for first-time connection.


#4

Yes!!! Two factor authentication for first time connect per device would greatly increase peace of mind.


#5

2FA is a no brainer to support. TOTP is not technically challenging to implement. Supporting U2F also is ideal because the user experience is much nicer.

Auditable access logging is also a no-brainer, particularly an option to enable/disable and configurable alerts. The lack thereof is currently keeping me from actually buying the product, considering the scarcity of info about the security architecture of the system.

The little bit of information I’ve found about digital security and privacy has been reassuring, but there’s so little info published I can’t have much confidence. More detailed and complete documentation about the security and privacy architecture should be considered a core feature for a product that has security uses. Look at LastPass for a great example of how to get this right.

With GDPR imminent, I’d also like to see more information about how users can review, export, and delete all data pertaining to them within the system. What I’ve read so far sounds reasonable from a security/privacy standpoint if the claims are true but I can’t verify those or apparently make any decisions about it if I change my mind after trying the product. All of these concerns are extra important for a product that’s often used for security in the first place.

 

I’d ultimately really like to see more controls in place that transfer control over data and device access to the owner (purchaser). I’m tech savvy enough to manage my own encryption keys, use my own cloud storage APIs, etc. and just don’t want to have to manage the whole product software lifecycle end to end unnecessarily. I think there are a decent number of potential customers who are in the same boat. We’re also all tech influencers. Our friends and family respect our recommendations about what tech products to use or avoid. What I’ve seen about this product so far looks pretty promising, or else I wouldn’t bother commenting. Can the company deliver the whole package?


#6

Just got a WyzeCam Pan. Very pleased with it so far but signed in to +1 everything @deesplease said here. These same questions came to my mind as I was setting up the WyzeCam and I was glad to find someone else raising them when I searched the forum.

This degree of auth and visibility is simply expected these days.


#7

Me and my wife were in the living room watching TV when we heard a cough come from the kitchen where I have two of the cameras we thought it was strange and couldn’t find anyone around who would have made that cough I played back the one camera and I could hear the cough and on the other camera at the same time it went silent for a few seconds I don’t know how to report it to wyze but I figured I’ll be moving them out of my house and to the outside where I don’t care as much what could possibly happen


#8

We have a cam in the laundry room so we can keep an eye on the dog during the day when no-one is home. My daughter was doing her homework in the basement tonight when she heard a mickey mouse like voice say ‘Hello’ from the laundry room. My wife and I were out at the time and it scared the hell out of her so much she grabbed the dog and ran to the neighbors house.

The Firmware is up to date and am not sure how to lock this down. Is there any way to track, log or even disable the audio on the camera? Should I remove and re-add the camera with a new password?


#9

You don’t need to remove and re-add the camera, but you probably should change your Wyze password here: https://www.wyzecam.com/my-account/edit-account/

That said, there may be other explanations for what seemed to occur other than someone gaining access to the camera.


#10

Thanks for the link Rick. I did look for other potential sources but its a pretty empty room. No radio, toys, dog toys, open windows, house creaks or anything else that would mimic the sound like this.

Ill change the password and see what happens. Im sure it was just a fluke.